2 LETSENCRYPT_DIR: "/shared/letsencrypt"
8 - if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then echo "LETSENCRYPT_ACCOUNT_EMAIL ENV variable is required and has not been set."; exit 1; fi
9 - /bin/bash -c "if [[ ! \"$LETSENCRYPT_ACCOUNT_EMAIL\" =~ ([^@]+)@([^\.]+) ]]; then echo \"LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address\"; exit 1; fi"
13 - cd /root && git clone https://github.com/Neilpang/acme.sh.git && cd /root/acme.sh && git reset --hard ac0970abbad9390f9ab5e99f7f4043502d40eafa
14 - touch /var/spool/cron/crontabs/root
15 - install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
16 - cd /root/acme.sh && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --install --log "${LETSENCRYPT_DIR}/acme.sh.log"
17 - cd /root/acme.sh && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --upgrade --auto-upgrade
20 path: "/etc/nginx/letsencrypt.conf"
23 worker_processes auto;
27 worker_connections 768;
36 types_hash_max_size 2048;
38 access_log /var/log/nginx/access.letsencrypt.log;
39 error_log /var/log/nginx/error.letsencrypt.log;
45 location ~ /.well-known {
46 root /var/www/discourse/public;
53 path: /etc/runit/1.d/letsencrypt
57 /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
59 LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue -d $$ENV_DISCOURSE_HOSTNAME -k 4096 -w /var/www/discourse/public
61 if [ ! "$(cd $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME && openssl verify -CAfile ca.cer fullchain.cer | grep "OK")" ]; then
62 # Try to issue the cert again if something goes wrong
63 LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --issue -d $$ENV_DISCOURSE_HOSTNAME -k 4096 --force -w /var/www/discourse/public
66 LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh --installcert -d $$ENV_DISCOURSE_HOSTNAME --fullchainpath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer --keypath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key --reloadcmd "sv reload nginx"
68 /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop
71 filename: "/etc/nginx/conf.d/discourse.conf"
72 from: /ssl_certificate.+/
74 ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;
77 filename: /shared/letsencrypt/account.conf
78 from: /#?ACCOUNT_EMAIL=.+/
80 ACCOUNT_EMAIL=$$ENV_LETSENCRYPT_ACCOUNT_EMAIL
83 filename: "/etc/nginx/conf.d/discourse.conf"
84 from: /ssl_certificate_key.+/
86 ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key;
89 filename: "/etc/nginx/conf.d/discourse.conf"
92 add_header Strict-Transport-Security 'max-age=63072000';